How to configure self-hosted DNS for SFMC migration with multiple IPs and avoid conflicts?

Summary

Configuring self-hosted DNS for SFMC migration with multiple IPs requires a multifaceted approach encompassing proper DNS record management (SPF, DKIM, DMARC), strategic IP warm-up, business unit configuration, and continuous deliverability monitoring. It involves understanding DNS records, ensuring accurate SPF records, carefully managing multiple business units, gradually warming up new IPs, implementing DMARC policies, and adhering to SPF record syntax standards. Maintaining existing IPs during migration, using SAP, carefully setting up the dns zone file that Salesforce provides, and implementing all recommended deliverability best practices will result in a smooth migration.

Key findings

  • DNS Record Management: Properly configure SPF, DKIM, and DMARC records to authenticate email sends and prevent domain spoofing.
  • IP Warm-up Strategy: Implement a phased IP warm-up to establish a positive sending reputation.
  • Business Unit Configuration: Carefully manage multiple business units to separate brands and sending reputations.
  • Deliverability Monitoring: Continuously monitor key deliverability metrics to identify and address issues promptly.
  • Sender Authentication Packages (SAP): Leverage Sender Authentication Packages (SAP) to authenticate email sends and improve deliverability.
  • Record accuracy: Maintain accurate SPF records, and update if needed.

Key considerations

  • Maintaining Existing IPs: Maintaining Existing IPs to reduce the reputation lost on the migration.
  • Salesforce Support: Consider the level of support for self-hosted DNS configurations.
  • Overlapping Private Domains: Be aware of potential conflicts, especially regarding overlapping private domains, and take steps to resolve them.
  • Mistake Prevention: Validate DNS records using online tools to minimize authentication failures.
  • SFMC DNS Zone File: When adding a second dedicated IP, Salesforce provides a DNS zone file, ensure that this does not conflict with existing setups.
  • Feedback Loops: Implement feedback loops, spam trap hits, and blocklist status to find reputation issues.

What email marketers say
8Marketer opinions

Migrating to a new Salesforce Marketing Cloud (SFMC) instance with self-hosted DNS and multiple IPs requires careful planning and execution to avoid deliverability issues. Key steps include maintaining accurate DNS records (SPF, DKIM, DMARC), gradually warming up new IPs, separating transactional and marketing email streams, closely monitoring deliverability metrics, and regularly cleaning email lists.

Key opinions

  • DNS Configuration: Properly configure SPF, DKIM, and DMARC records, ensuring all sending sources are included and accurately formatted to prevent authentication failures.
  • IP Warm-up: Gradually warm up new IPs to establish a sending reputation with mailbox providers, avoiding sudden volume spikes that can trigger deliverability issues.
  • Email Segmentation: Separate transactional and marketing email streams onto distinct IPs to isolate reputation issues and maintain deliverability for critical communications.
  • Deliverability Monitoring: Monitor key deliverability metrics such as bounce rates, complaint rates, and blocklist status to identify and promptly address any problems affecting email delivery.
  • List Hygiene: Regularly clean email lists by removing inactive or invalid addresses to reduce bounce rates and improve sender reputation.

Key considerations

  • Overlapping Domains: Be aware of potential conflicts with existing setups, especially regarding overlapping private domains, and take steps to resolve them.
  • Tool Usage: Use monitoring tools like Google Postmaster Tools to assess the status of email deliverability after migration.
  • Mistake Prevention: Validate DNS records using online tools to minimize the chance of authentication failures due to incorrect configuration.
  • SPF Record Accuracy: Make sure your SPF records include all sending sources.
Marketer view

Email marketer from SendGrid Blog advises monitoring key deliverability metrics like bounce rates, complaint rates, and blocklist status to identify and resolve issues impacting email delivery. Regular monitoring helps maintain a positive sending reputation.

September 2024 - SendGrid
Marketer view

Email marketer from EmailGeeks forum recommends warming up new IPs gradually to establish a sending reputation. Separating transactional and marketing emails onto distinct IPs helps maintain deliverability by isolating reputation issues.

October 2024 - EmailGeeks
Marketer view

Email marketer from Litmus Blog highlights common DNS configuration mistakes, like incorrect SPF syntax or missing DKIM records. Validating DNS records with online tools helps ensure accuracy and prevent authentication failures.

August 2021 - Litmus
Marketer view

Email marketer from HubSpot Blog suggests segmenting email lists based on engagement and sending relevant content to each segment. This approach improves engagement rates and prevents deliverability problems caused by sending to unengaged recipients.

November 2021 - HubSpot
Marketer view

Email marketer from Return Path (now Validity) recommends regularly cleaning email lists to remove inactive or invalid addresses. Reducing bounce rates improves sender reputation and deliverability.

July 2023 - Validity
Marketer view

Email marketer from Reddit explains that DNS configurations require careful planning to manage SPF, DKIM, and DMARC records across multiple IPs. Monitoring email deliverability using tools like Google Postmaster Tools is crucial to identify and resolve any conflicts that may arise during the migration process.

February 2023 - Reddit
Marketer view

Email marketer from StackExchange shares that when migrating to a new SFMC instance, keep the same IP address configured on both the old and new instances. When adding a second dedicated IP, Salesforce provides a DNS zone file, but it's crucial to avoid conflicts with existing setups, especially regarding overlapping private domains.

January 2023 - StackExchange
Marketer view

Email marketer from Mailjet Blog emphasizes the importance of a correctly configured SPF record. Ensuring that the SPF record includes all sending sources and is properly formatted avoids deliverability problems caused by authentication failures.

December 2021 - Mailjet

What the experts say
5Expert opinions

Configuring self-hosted DNS for SFMC migration with multiple IPs requires adding necessary DNS entries without deleting existing ones, understanding DNS record types, ensuring accurate SPF records, and closely monitoring sending reputation post-migration.

Key opinions

  • DNS Entries: One additional DNS entry may be needed for mta2. It is important not to delete or replace any existing DNS entries during the configuration process.
  • DNS Record Types: Understanding DNS record types (A, MX, CNAME, TXT) is crucial for correct email routing and sender authentication.
  • SPF Record Accuracy: SPF records must include all authorized sending sources (IP addresses and domains) and should be maintained and updated, particularly after a migration.
  • Reputation Monitoring: Monitoring sending reputation using feedback loops, spam trap hits, and blocklist status is essential to promptly address any deliverability issues.

Key considerations

  • Salesforce Support: Consider providing feedback to Salesforce regarding the level of support for self-hosted DNS configurations.
  • Thorough Testing: Implementing thorough testing is imperative to ensure that the migration and configuration are functioning as expected.
Expert view

Expert from Email Geeks explains that one additional DNS entry to add for mta2. Do not delete or replace any existing DNS.

July 2024 - Email Geeks
Expert view

Expert from Spam Resource explains that understanding different DNS record types, such as A, MX, CNAME, TXT (used for SPF and DKIM), is crucial for configuring DNS settings. Proper configuration of these records helps route email correctly and authenticate the sender's identity.

December 2022 - Spam Resource
Expert view

Expert from Word to the Wise recommends that it's important to monitor your sending reputation. Start by using feedback loops, spam trap hits, and blocklist status during and after the SFMC migration to ensure that any reputation issues are identified and resolved promptly.

November 2022 - Word to the Wise
Expert view

Expert from Spam Resource explains that to avoid issues when setting up Sender Policy Framework (SPF) records, ensure that all authorized sending sources (IP addresses and domains) are included. SPF records should be carefully maintained and updated to reflect any changes in sending infrastructure, especially after a migration.

May 2022 - Spam Resource
Expert view

Expert from Email Geeks suggests giving SFMC AE feedback that support “declines to assist” is subpar.

July 2023 - Email Geeks

What the documentation says
6Technical articles

Configuring self-hosted DNS for SFMC migration involves leveraging Sender Authentication Packages (SAP), properly configuring DNS records (SPF, DKIM, Sender ID), managing multiple business units, employing phased IP warm-up, implementing DMARC policies, and adhering to SPF record syntax standards.

Key findings

  • Sender Authentication Packages (SAP): SAP provides domains and IPs to authenticate email sends, improving deliverability by aligning 'From' addresses with sending infrastructure and setting up dedicated domains for branding and authentication.
  • DNS Records: Proper DNS record configuration (SPF, DKIM, Sender ID) is crucial for identifying emails as originating from authorized domains, preventing deliverability issues.
  • Multiple Business Units: Configuring multiple business units (BUs) within SFMC allows for separating brands and sending reputations, but requires careful planning to avoid conflicts.
  • IP Warm-up: A phased approach to IP warm-up is recommended to allow mailbox providers to learn sending patterns and recognize legitimate traffic, which prevents deliverability problems.
  • DMARC Policies: DMARC policies instruct receiving mail servers on how to handle emails that fail SPF and DKIM checks, preventing domain spoofing and improving email security.
  • SPF Record Syntax: Adhering to correct SPF record syntax and best practices ensures that SPF records are properly interpreted, preventing deliverability issues.

Key considerations

  • Careful Planning: Implementing changes with careful planning allows the set up to work without issues.
  • Avoiding Conflicts: Avoiding conflicts between business units and the set up is crucial to avoid delivery issues.
Technical article

Documentation from Salesforce Help explains that SAP provides a collection of domains and IPs to authenticate email sends, improving deliverability by aligning 'From' addresses with sending infrastructure. It involves setting up dedicated domains for branding and authentication.

June 2022 - Salesforce Help
Technical article

Documentation from Salesforce Help describes how to configure and manage multiple business units within SFMC, allowing for separation of brands and sending reputations. Each BU can have its own IP address and domain configurations, which requires careful planning to prevent conflicts.

August 2021 - Salesforce Help
Technical article

Documentation from SparkPost advises a phased approach to IP warm-up. Gradually increasing sending volume allows mailbox providers to learn the sending patterns and recognize legitimate traffic, preventing deliverability issues.

October 2023 - SparkPost
Technical article

Documentation from DMARC.org details how to configure DMARC policies to instruct receiving mail servers on how to handle emails that fail SPF and DKIM checks. Setting a strict DMARC policy can prevent domain spoofing and improve email security.

March 2024 - DMARC.org
Technical article

Documentation from RFC details the correct syntax and best practices for creating SPF records. Adhering to these standards ensures that SPF records are correctly interpreted by receiving mail servers, preventing deliverability issues.

January 2024 - RFC
Technical article

Documentation from Salesforce Help outlines the necessary DNS records (SPF, DKIM, and Sender ID) required for proper email authentication in Email Studio. Correct configuration ensures emails are properly identified as originating from the authorized domain, preventing deliverability issues.

July 2021 - Salesforce Help